commit b0d2de45cddcd1e4578bfae121e606f89b00fc5e · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

freetype: fix CVE-2017-{8105,8287} by upstream patches

I copied the patches, as the changelog changes would certainly conflict.

Vladimír Čunát 8 years ago b0d2de45 fcdb4b51

+52

3 changed files

expand all

unified split

pkgs

development

libraries

freetype

cve-2017-8105.patch

cve-2017-8287.patch

default.nix

+27

pkgs/development/libraries/freetype/cve-2017-8105.patch

··· 1 + http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee43 2 + 3 + diff --git a/src/psaux/t1decode.c b/src/psaux/t1decode.c 4 + index af7b465..7dd4513 100644 5 + --- a/src/psaux/t1decode.c 6 + +++ b/src/psaux/t1decode.c 7 + @@ -780,10 +780,19 @@ 8 + /* point without adding any point to the outline */ 9 + idx = decoder->num_flex_vectors++; 10 + if ( idx > 0 && idx < 7 ) 11 + + { 12 + + /* in malformed fonts it is possible to have other */ 13 + + /* opcodes in the middle of a flex (which don't */ 14 + + /* increase `num_flex_vectors'); we thus have to */ 15 + + /* check whether we can add a point */ 16 + + if ( FT_SET_ERROR( t1_builder_check_points( builder, 1 ) ) ) 17 + + goto Syntax_Error; 18 + + 19 + t1_builder_add_point( builder, 20 + x, 21 + y, 22 + (FT_Byte)( idx == 3 || idx == 6 ) ); 23 + + } 24 + } 25 + break; 26 + 27 +

+22

pkgs/development/libraries/freetype/cve-2017-8287.patch

··· 1 + http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b 2 + 3 + diff --git a/src/psaux/psobjs.c b/src/psaux/psobjs.c 4 + index d18e821..0baf836 100644 5 + --- a/src/psaux/psobjs.c 6 + +++ b/src/psaux/psobjs.c 7 + @@ -1718,6 +1718,14 @@ 8 + first = outline->n_contours <= 1 9 + ? 0 : outline->contours[outline->n_contours - 2] + 1; 10 + 11 + + /* in malformed fonts it can happen that a contour was started */ 12 + + /* but no points were added */ 13 + + if ( outline->n_contours && first == outline->n_points ) 14 + + { 15 + + outline->n_contours--; 16 + + return; 17 + + } 18 + + 19 + /* We must not include the last point in the path if it */ 20 + /* is located on the first point. */ 21 + if ( outline->n_points > 1 ) 22 +

pkgs/development/libraries/freetype/default.nix

··· 48 48 ./pcf-config-long-family-names.patch 49 49 ./disable-pcf-long-family-names.patch 50 50 ./enable-table-validation.patch 51 + # remove the two CVE patches after updating to >= 2.8 52 + ./cve-2017-8105.patch 53 + ./cve-2017-8287.patch 51 54 ] ++ 52 55 optional useEncumberedCode ./enable-subpixel-rendering.patch; 53 56